如何在 SQL Server 中转义单引号?
我正在尝试将一些文本数据插入到 SQL Server 9 中的表中。
该文本包含单引号'。
我该如何逃避呢?
我尝试使用两个单引号,但它引发了一些错误。
例如。 插入 my_table 值('嗨,我的名字''s tim.');
I am trying to insert some text data into a table in SQL Server 9.
The text includes a single quote '.
How do I escape that?
I tried using two single quotes, but it threw me some errors.
eg. insert into my_table values('hi, my name''s tim.');
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(15)
单引号通过加倍来转义,就像您在示例中向我们展示的那样。以下 SQL 说明了此功能。我在 SQL Server 2008 上测试了它:
结果
Single quotes are escaped by doubling them up, just as you've shown us in your example. The following SQL illustrates this functionality. I tested it on SQL Server 2008:
Results
如果用另一个单引号转义单引号对您不起作用(就像我最近的一个
REPLACE()查询一样),您可以使用SET QUOTED_IDENTIFIER OFFcode> 在查询之前,然后在查询之后SET QUOTED_IDENTIFIER ON。例如
If escaping your single quote with another single quote isn't working for you (like it didn't for one of my recent
REPLACE()queries), you can useSET QUOTED_IDENTIFIER OFFbefore your query, thenSET QUOTED_IDENTIFIER ONafter your query.For example
我们很多人都知道,转义单引号的流行方法是通过将它们加倍,如下所示。
我们将研究一些转义单引号的其他替代方法。
1. UNICODE字符
39是单引号的UNICODE字符。所以我们可以像下面这样使用它。
2. QUOTED_IDENTIFIER
另一个简单且最佳的替代解决方案是使用 QUOTED_IDENTIFIER。
当 QUOTED_IDENTIFIER 设置为 OFF 时,字符串可以用双引号引起来。
在这种情况下,我们不需要转义单引号。
因此,在使用大量带单引号的字符串值时,这种方法非常有用。
在使用如此多行 INSERT/UPDATE 脚本(其中列值带有单引号)时,这将非常有帮助。
结论
上述方法适用于 AZURE 和 On Premises。
Many of us know that the Popular Method of Escaping Single Quotes is by Doubling them up easily like below.
we are going to look on some other alternate ways of escaping the single quotes.
1. UNICODE Characters
39 is the UNICODE character of Single Quote. So we can use it like below.
2. QUOTED_IDENTIFIER
Another simple and best alternate solution is to use QUOTED_IDENTIFIER.
When QUOTED_IDENTIFIER is set to OFF, the strings can be enclosed in double quotes.
In this scenario, we don’t need to escape single quotes.
So,this way would be very helpful while using lot of string values with single quotes.
It will be very much helpful while using so many lines of INSERT/UPDATE scripts where column values having single quotes.
CONCLUSION
The above mentioned methods are applicable to both AZURE and On Premises .
怎么样:
How about:
解决此问题的两种方法:
对于
',您只需在字符串中将其加倍即可,例如select 'I'm happy'-- 将得到:I'm happy对于任何你不确定的字符:在 sql server 中你可以通过以下方式获取任何字符的 unicode
select unicode(':')(你保留号码)所以这种情况你也可以
select 'I'+nchar(39)+'m happy'2 ways to work around this:
for
'you can simply double it in the string, e.g.select 'I''m happpy'-- will get:I'm happyFor any charactor you are not sure of: in sql server you can get any char's unicode by
select unicode(':')(you keep the number)So this case you can also
select 'I'+nchar(39)+'m happpy'引用的加倍应该有效,所以奇怪的是它对你不起作用;但是,另一种方法是在字符串周围使用双引号字符,而不是单引号字符。即,
插入 my_table 值(“嗨,我的名字是 tim。”);
The doubling up of the quote should have worked, so it's peculiar that it didn't work for you; however, an alternative is using double quote characters, instead of single ones, around the string. I.e.,
insert into my_table values("hi, my name's tim.");另一件需要注意的事情是它是否真的存储为经典的 ASCII ' (ASCII 27) 或 Unicode 2019(看起来相似,但不一样)。
这对于插入来说并不是什么大问题,但它可能意味着选择和更新的世界。
如果它是 unicode 值,则转义 WHERE 子句中的 '(例如,where blah = 'Workers''s Comp')将返回,就像您正在搜索的值不存在一样,如果“Worker's Comp”中的 '实际上是 unicode 值。
如果您的客户端应用程序支持自由密钥以及基于复制和粘贴的输入,则某些行中可能是 Unicode,其他行中可能是 ASCII!
确认这一点的一个简单方法是执行某种开放式查询,该查询将带回您正在搜索的值,然后将其复制并粘贴到记事本++或其他支持 unicode 的编辑器中。
不同的外观ascii 值和 unicode 之间的区别应该是显而易见的,但如果你倾向于肛门,它将在十六进制编辑器中显示为 27 (ascii) 或 92 (unicode)。
Also another thing to be careful of is whether or not it is really stored as a classic ASCII ' (ASCII 27) or Unicode 2019 (which looks similar, but not the same).
This isn't a big deal on inserts, but it can mean the world on selects and updates.
If it's the unicode value then escaping the ' in a WHERE clause (e.g where blah = 'Workers''s Comp') will return like the value you are searching for isn't there if the ' in "Worker's Comp" is actually the unicode value.
If your client application supports free-key, as well as copy and paste based input, it could be Unicode in some rows, and ASCII in others!
A simple way to confirm this is by doing some kind of open ended query that will bring back the value you are searching for, and then copy and paste that into notepad++ or some other unicode supporting editor.
The differing appearance between the ascii value and the unicode one should be obvious to the eyes, but if you lean towards the anal, it will show up as 27 (ascii) or 92 (unicode) in a hex editor.
以下语法将只转义一个引号:
结果将是一个单引号。可能对于创建动态 SQL 非常有帮助:)。
The following syntax will escape you ONLY ONE quotation mark:
The result will be a single quote. Might be very helpful for creating dynamic SQL :).
双引号选项帮助了我
Double quotes option helped me
只需在要插入的内容之前插入一个 ' 即可。它就像 SQL Server 中的转义字符
示例:
当您有一个字段时,我很好。
你可以这样做:
Just insert a ' before anything to be inserted. It will be like an escape character in SQL Server
Example:
When you have a field as, I'm fine.
you can do:
这应该有效
This should work
我遇到了同样的问题,但我的问题不是基于 SQL 代码本身中的静态数据,而是基于数据中的值。
此代码列出了我的数据库中的所有列名称和数据类型:
但是有些列名称实际上在列名称中嵌入了单引号!,例如...
要处理这些,我必须同时使用 REPLACE 函数使用建议的 QUOTED_IDENTIFIER 设置。否则,当在动态 SQL 中使用该列时,将会出现语法错误。
I had the same problem, but mine was not based of static data in the SQL code itself, but from values in the data.
This code lists all the columns names and data types in my database:
But some column names actually have a single-quote embedded in the name of the column!, such as ...
To process these, I had to use the REPLACE function along with the suggested QUOTED_IDENTIFIER setting. Otherwise it would be a syntax error, when the column is used in a dynamic SQL.
只需在值前添加 N
Just Add N before value
STRING_ESCAPE 函数可用于较新版本的 SQL Server
The STRING_ESCAPE funtion can be used on newer versions of SQL Server
这应该有效:使用反斜杠并加上双引号
This should work: use a back slash and put a double quote